On Wed, 06 Jul 2016, Lachlan Musicman wrote:
Can I just confirm - the IT team are about to migrate our PDC across town.
I presume that the trust relationship is with the domain, not the actual
machine itself. So our IPA server will just see the new PDC and everything
will be smooth?
No need to change any config or create a new trust?
Correct. The information about trust relationship is stored in AD LDAP
and as such replicated across all domain controllers.
There might be a period of outage when PDC is not online yet but already
announced in the DNS records. At this time SSSD would ideally switch to
another DC.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
